[cabfpub] Ballots 141 and 142

John Randall JRandall at trustwave.com
Thu Jan 15 16:37:49 UTC 2015 

Trustwave votes no on Ballot 141 and votes no on Ballot 142.

John

From: Richard Wang <richard at wosign.com<mailto:richard at wosign.com>>
Date: Wednesday, January 14, 2015 at 6:00 PM
To: "CABFPub (public at cabforum.org<mailto:public at cabforum.org>)" <public at cabforum.org<mailto:public at cabforum.org>>
Subject: Re: [cabfpub] Ballots 141 and 142

WoSign  votes “yes” on both Ballot 141 and Ballot 142


Best Regards,

Richard

From: public-bounces at cabforum.org<mailto:public-bounces at cabforum.org> [mailto:public-bounces at cabforum.org] On Behalf Of kirk_hall at trendmicro.com<mailto:kirk_hall at trendmicro.com>
Sent: Thursday, January 15, 2015 8:00 AM
To: CABFPub (public at cabforum.org<mailto:public at cabforum.org>)
Subject: [cabfpub] Ballots 141 and 142

Trend Micro votes “yes” on both Ballot 141 and Ballot 142.

I want to recap the history of these ballots.  I actually started the effort to delete the insurance requirements in the EV Guidelines in Ballot 121 last April, but it failed.  The insurance issue came up again later in 2014.  Ben Wilson did excellent research and proposed a new, more relevant set of insurance requirements for EV certs in Ballot 133, but that ballot also failed.

At that point, I talked to a number of other CAs, and it seemed to me that we should again try to delete the current EV insurance requirements (because most people believe they are not particularly useful as applied to CAs and their work in issuing certs), but that it would be more responsible to combine that step with the addition of a new financial responsibility requirement – namely, that CAs take on some financial responsibility for the DV and OV certs they issue (not just for EV certs, like we have today in EVGL Section 18 – that sets a minimum CA liability of $2,000 per subscriber or relying party per EV cert).

I would also like to follow up with discussion of minimum capital requirements for CAs, another step to establish financial responsibility for CAs in favor of their customers and the public who rely on certs.  Maybe we should look one more time at insurance as well, and try to follow the insurance requirements of some countries for qualified certificates.

I think certs and encryption will become even more important for internet security in the next few years, and so I think CAs should take additional steps to stand behind their products .  This will be good for CAs as a whole, and good for the internet as well.

Kirk R. Hall
Operations Director, Trust Services
Trend Micro
+1.503.753.3088




TREND MICRO EMAIL NOTICE

The information contained in this email and any attachments is confidential

and may be subject to copyright or other intellectual property protection.

If you are not the intended recipient, you are not authorized to use or

disclose this information, and we request that you notify us by reply mail or

telephone and delete the original message from your mail system.




________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150115/8736cdbb/attachment-0003.html>

More information about the Public mailing list